Test reports welcome!
--8<--
This is a new major release with many new features:
- Client-specific tls-crypt keys (--tls-crypt-v2)
- Added support for using the ChaCha20-Poly1305 cipher in the
OpenVPN data channel
- Improved Data channel cipher negotiation
- Removal of BF-CBC support in default configuration
- Asynchronous (deferred) authentication support for auth-pam plugin
- Deferred client-connect
- Faster connection setup
- Netlink support
- Wintun support
- IPv6-only operation
- Improved Windows 10 detection
- Linux VRF support
- TLS 1.3 support
- Support setting DHCP search domain
- Handle setting of tun/tap interface MTU on Windows
- HMAC based auth-token support
- VLAN support
- Support building of .msi installers for Windows
- Allow unicode search string in --cryptoapicert option (Windows)
- Support IPv4 configs with /31 netmasks now
- New option --block-ipv6 to reject all IPv6 packets (ICMPv6)
- IPv4-only VPN
More details on these new features as well as a list of deprecated
features and user-visible changes are available in Changes.rst:
<https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst>
-->8--
Index: Makefile
===================================================================
RCS file: /d/cvs/ports/net/openvpn/Makefile,v
retrieving revision 1.101
diff -u -p -r1.101 Makefile
--- Makefile 17 May 2020 08:53:27 -0000 1.101
+++ Makefile 23 Aug 2020 11:04:42 -0000
@@ -2,8 +2,8 @@
COMMENT= easy-to-use, robust, and highly configurable VPN
-DISTNAME= openvpn-2.4.9
-REVISION= 0
+DISTNAME= openvpn-2.5_beta1
+PKGNAME= openvpn-2.5beta1
CATEGORIES= net security
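Review bot: PKGNAME= openvpn-2.5beta1 diverges from DISTNAME= openvpn-2.5_beta1 with no comment saying why. Add a one-line note that the underscore is dropped for the package name, and check that 2.5beta1 compares lower than the eventual 2.5 so the later update to the release does not need an EPOCH bump.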
@@ -20,12 +20,15 @@ MASTER_SITES= https://swupdate.openvpn.o
LIB_DEPENDS= archivers/lzo2 \
archivers/lz4
+TEST_DEPENDS= devel/cmocka
-SEPARATE_BUILD= Yes
+#SEPARATE_BUILD= Yes
CONFIGURE_STYLE= gnu
-CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
- LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}"
+CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
+ LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}" \
+ RST2HTML="${LOCALBASE}/bin/rst2html-3" \
+ RST2MAN="${LOCALBASE}/bin/rst2man-3"
DEBUG_PACKAGES= ${BUILD_PACKAGES}
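Review bot: RST2HTML and RST2MAN in CONFIGURE_ENV point at ${LOCALBASE}/bin/rst2html-3 and ${LOCALBASE}/bin/rst2man-3, but the diff only adds TEST_DEPENDS= devel/cmocka and no BUILD_DEPENDS for the port that installs those tools, so a build in a clean environment is not guaranteed to find them; add the matching BUILD_DEPENDS. Separately, #SEPARATE_BUILD= Yes is left commented out without explanation: either delete the line or add a comment stating what breaks with out-of-tree builds in 2.5_beta1 so it can be re-enabled later.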
Index: distinfo
===================================================================
RCS file: /d/cvs/ports/net/openvpn/distinfo,v
retrieving revision 1.44
diff -u -p -r1.44 distinfo
--- distinfo 21 Apr 2020 23:43:55 -0000 1.44
+++ distinfo 23 Aug 2020 11:04:42 -0000
@@ -1,2 +1,2 @@
-SHA256 (openvpn-2.4.9.tar.gz) = RrJo74jmfKbeLp8ZlD655ayFROVfXB869ncpjQPmS24=
-SIZE (openvpn-2.4.9.tar.gz) = 1455736
+SHA256 (openvpn-2.5_beta1.tar.gz) =
dqbtLlTf1jP0JuYoFE4Cwgvj7U6qH3EmQeNVPCuez9c=
+SIZE (openvpn-2.5_beta1.tar.gz) = 1784399
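Review bot: the added SHA256 line for openvpn-2.5_beta1.tar.gz is split across two lines here, with the digest on an unprefixed line of its own, so the hunk no longer matches its @@ -1,2 +1,2 @@ header and will not apply as sent. Since this is the line that pins the tarball, resend the diff as an attachment or with line wrapping disabled, and regenerate distinfo with make makesum rather than editing it by hand.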
Index: patches/patch-configure
===================================================================
RCS file: /d/cvs/ports/net/openvpn/patches/patch-configure,v
retrieving revision 1.22
diff -u -p -r1.22 patch-configure
--- patches/patch-configure 21 Apr 2020 23:43:55 -0000 1.22
+++ patches/patch-configure 23 Aug 2020 11:04:42 -0000
@@ -2,7 +2,7 @@ $OpenBSD: patch-configure,v 1.22 2020/04
Index: configure
--- configure.orig
+++ configure
-@@ -18146,7 +18146,7 @@ else
+@@ -18249,7 +18249,7 @@ else
fi
Index: patches/patch-include_Makefile_in
===================================================================
RCS file: /d/cvs/ports/net/openvpn/patches/patch-include_Makefile_in,v
retrieving revision 1.11
diff -u -p -r1.11 patch-include_Makefile_in
--- patches/patch-include_Makefile_in 21 Apr 2020 23:43:55 -0000 1.11
+++ patches/patch-include_Makefile_in 23 Aug 2020 11:04:42 -0000
@@ -2,7 +2,7 @@ $OpenBSD: patch-include_Makefile_in,v 1.
Index: include/Makefile.in
--- include/Makefile.in.orig
+++ include/Makefile.in
-@@ -336,7 +336,7 @@ host_cpu = @host_cpu@
+@@ -339,7 +339,7 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
Index: patches/patch-sample_sample-config-files_static-home_conf
===================================================================
RCS file:
/d/cvs/ports/net/openvpn/patches/patch-sample_sample-config-files_static-home_conf,v
retrieving revision 1.2
diff -u -p -r1.2 patch-sample_sample-config-files_static-home_conf
--- patches/patch-sample_sample-config-files_static-home_conf 29 Nov 2016
09:22:02 -0000 1.2
+++ patches/patch-sample_sample-config-files_static-home_conf 23 Aug 2020
11:04:42 -0000
@@ -1,17 +0,0 @@
-$OpenBSD: patch-sample_sample-config-files_static-home_conf,v 1.2 2016/11/29
09:22:02 jca Exp $
---- sample/sample-config-files/static-home.conf.orig Thu Nov 3 09:49:49 2016
-+++ sample/sample-config-files/static-home.conf Fri Nov 18 17:49:59 2016
-@@ -40,10 +40,10 @@ cipher AES-256-CBC
- ; port 1194
-
- # Downgrade UID and GID to
--# "nobody" after initialization
-+# "_openvpn" after initialization
- # for extra security.
--; user nobody
--; group nobody
-+user _openvpn
-+group _openvpn
-
- # If you built OpenVPN with
- # LZO compression, uncomment
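Review bot: dropping this patch removes the user _openvpn / group _openvpn override for static-home.conf, which is only safe because the pkg/PLIST hunk stops installing that sample. Mention in the commit message why the static-key samples are no longer packaged, and check that no other installed sample is left with the commented-out "; user nobody" / "; group nobody" defaults.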
Index: patches/patch-sample_sample-config-files_static-office_conf
===================================================================
RCS file:
/d/cvs/ports/net/openvpn/patches/patch-sample_sample-config-files_static-office_conf,v
retrieving revision 1.2
diff -u -p -r1.2 patch-sample_sample-config-files_static-office_conf
--- patches/patch-sample_sample-config-files_static-office_conf 29 Nov 2016
09:22:02 -0000 1.2
+++ patches/patch-sample_sample-config-files_static-office_conf 23 Aug 2020
11:04:42 -0000
@@ -1,17 +0,0 @@
-$OpenBSD: patch-sample_sample-config-files_static-office_conf,v 1.2 2016/11/29
09:22:02 jca Exp $
---- sample/sample-config-files/static-office.conf.orig Thu Nov 3 09:49:49 2016
-+++ sample/sample-config-files/static-office.conf Fri Nov 18 17:49:59 2016
-@@ -37,10 +37,10 @@ cipher AES-256-CBC
- ; port 1194
-
- # Downgrade UID and GID to
--# "nobody" after initialization
-+# "_openvpn" after initialization
- # for extra security.
--; user nobody
--; group nobody
-+user _openvpn
-+group _openvpn
-
- # If you built OpenVPN with
- # LZO compression, uncomment
Index: patches/patch-sample_sample-config-files_tls-home_conf
===================================================================
RCS file:
/d/cvs/ports/net/openvpn/patches/patch-sample_sample-config-files_tls-home_conf,v
retrieving revision 1.1
diff -u -p -r1.1 patch-sample_sample-config-files_tls-home_conf
--- patches/patch-sample_sample-config-files_tls-home_conf 20 Apr 2013
16:22:55 -0000 1.1
+++ patches/patch-sample_sample-config-files_tls-home_conf 23 Aug 2020
11:04:42 -0000
@@ -1,7 +1,8 @@
$OpenBSD: patch-sample_sample-config-files_tls-home_conf,v 1.1 2013/04/20
16:22:55 sthen Exp $
---- sample/sample-config-files/tls-home.conf.orig Mon Sep 10 17:01:08 2012
-+++ sample/sample-config-files/tls-home.conf Thu Mar 7 14:02:35 2013
-@@ -48,10 +48,10 @@ key home.key
+Index: sample/sample-config-files/tls-home.conf
+--- sample/sample-config-files/tls-home.conf.orig
++++ sample/sample-config-files/tls-home.conf
+@@ -48,10 +48,10 @@ cipher AES-256-GCM
; port 1194
# Downgrade UID and GID to
Index: patches/patch-sample_sample-config-files_tls-office_conf
===================================================================
RCS file:
/d/cvs/ports/net/openvpn/patches/patch-sample_sample-config-files_tls-office_conf,v
retrieving revision 1.1
diff -u -p -r1.1 patch-sample_sample-config-files_tls-office_conf
--- patches/patch-sample_sample-config-files_tls-office_conf 20 Apr 2013
16:22:55 -0000 1.1
+++ patches/patch-sample_sample-config-files_tls-office_conf 23 Aug 2020
11:04:42 -0000
@@ -1,7 +1,8 @@
$OpenBSD: patch-sample_sample-config-files_tls-office_conf,v 1.1 2013/04/20
16:22:55 sthen Exp $
---- sample/sample-config-files/tls-office.conf.orig Mon Sep 10 17:01:08 2012
-+++ sample/sample-config-files/tls-office.conf Thu Mar 7 14:02:35 2013
-@@ -48,10 +48,10 @@ key office.key
+Index: sample/sample-config-files/tls-office.conf
+--- sample/sample-config-files/tls-office.conf.orig
++++ sample/sample-config-files/tls-office.conf
+@@ -51,10 +51,10 @@ cipher AES-256-GCM
; port 1194
# Downgrade UID and GID to
Index: patches/patch-src_openvpn_route_c
===================================================================
RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_route_c,v
retrieving revision 1.13
diff -u -p -r1.13 patch-src_openvpn_route_c
--- patches/patch-src_openvpn_route_c 5 Apr 2019 06:56:00 -0000 1.13
+++ patches/patch-src_openvpn_route_c 23 Aug 2020 11:04:42 -0000
@@ -7,7 +7,7 @@ $OpenBSD: patch-src_openvpn_route_c,v 1.
Index: src/openvpn/route.c
--- src/openvpn/route.c.orig
+++ src/openvpn/route.c
-@@ -1781,12 +1781,17 @@ add_route(struct route_ipv4 *r,
+@@ -1796,12 +1796,17 @@ add_route(struct route_ipv4 *r,
}
#endif
@@ -28,7 +28,7 @@ Index: src/openvpn/route.c
argv_msg(D_ROUTE, &argv);
status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD route
add command failed");
-@@ -3603,7 +3608,7 @@ get_default_gateway(struct route_gateway_info *rgi)
+@@ -3464,7 +3469,7 @@ get_default_gateway(struct route_gateway_info *rgi, op
/* setup data to send to routing socket */
pid = getpid();
seq = 0;
@@ -37,7 +37,7 @@ Index: src/openvpn/route.c
bzero(&m_rtmsg, sizeof(m_rtmsg));
bzero(&so_dst, sizeof(so_dst));
-@@ -3821,7 +3826,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_inf
+@@ -3682,7 +3687,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_inf
/* setup data to send to routing socket */
pid = getpid();
seq = 0;
Index: patches/patch-src_openvpn_tun_c
===================================================================
RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_tun_c,v
retrieving revision 1.17
diff -u -p -r1.17 patch-src_openvpn_tun_c
--- patches/patch-src_openvpn_tun_c 21 Feb 2019 23:41:12 -0000 1.17
+++ patches/patch-src_openvpn_tun_c 23 Aug 2020 11:04:42 -0000
@@ -6,44 +6,33 @@ $OpenBSD: patch-src_openvpn_tun_c,v 1.17
Index: src/openvpn/tun.c
--- src/openvpn/tun.c.orig
+++ src/openvpn/tun.c
-@@ -1202,7 +1202,7 @@ do_ifconfig(struct tuntap *tt,
- if (tun)
- {
- argv_printf(&argv,
-- "%s %s %s %s mtu %d netmask 255.255.255.255 up
-link0",
-+ "%s %s %s %s mtu %d netmask 255.255.255.255 up",
- IFCONFIG_PATH,
- actual,
- ifconfig_local,
-@@ -1214,7 +1214,7 @@ do_ifconfig(struct tuntap *tt,
- {
- remote_end = create_arbitrary_remote( tt );
- argv_printf(&argv,
-- "%s %s %s %s mtu %d netmask %s up -link0",
-+ "%s %s %s %s mtu %d netmask %s up",
- IFCONFIG_PATH,
- actual,
- ifconfig_local,
-@@ -1225,8 +1225,13 @@ do_ifconfig(struct tuntap *tt,
- }
- else
- {
-+ /*
-+ * OpenBSD has distinct tun and tap devices
-+ * so we don't need the "link0" extra parameter to specify we want
to do
-+ * tunneling at the ethernet level
-+ */
- argv_printf(&argv,
-- "%s %s %s netmask %s mtu %d broadcast %s link0",
-+ "%s %s %s netmask %s mtu %d broadcast %s",
- IFCONFIG_PATH,
- actual,
- ifconfig_local,
-@@ -2615,7 +2620,6 @@ close_tun(struct tuntap *tt)
+@@ -1247,21 +1247,26 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname
+ if (tun)
+ {
+ argv_printf(&argv,
+- "%s %s %s %s mtu %d netmask 255.255.255.255 up -link0",
++ "%s %s %s %s mtu %d netmask 255.255.255.255 up",
+ IFCONFIG_PATH, ifname, ifconfig_local,
+ ifconfig_remote_netmask, tun_mtu);
+ }
+ else if (tt->topology == TOP_SUBNET)
+ {
+ remote_end = create_arbitrary_remote( tt );
+- argv_printf(&argv, "%s %s %s %s mtu %d netmask %s up -link0",
++ argv_printf(&argv, "%s %s %s %s mtu %d netmask %s up",
+ IFCONFIG_PATH, ifname, ifconfig_local,
+ print_in_addr_t(remote_end, 0, &gc), tun_mtu,
+ ifconfig_remote_netmask);
}
- else if (tt)
+ else
{
-- struct gc_arena gc = gc_new();
- struct argv argv = argv_new();
-
- /* setup command, close tun dev (clears tt->actual_name!), run command
+- argv_printf(&argv, "%s %s %s netmask %s mtu %d link0",
++ /*
++ * OpenBSD has distinct tun and tap devices
++ * so we don't need the "link0" extra parameter to specify we want to do
++ * tunneling at the ethernet level
++ */
++ argv_printf(&argv, "%s %s %s netmask %s mtu %d",
+ IFCONFIG_PATH, ifname, ifconfig_local,
+ ifconfig_remote_netmask, tun_mtu);
+ }
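Review bot: the previous version of this patch also carried a close_tun() hunk that removed "struct gc_arena gc = gc_new();", and the regenerated patch drops it without mention; confirm against the 2.5_beta1 tun.c that close_tun() no longer needs that change. In the rewritten do_ifconfig_ipv4() hunk the link0 explanation comment sits only above the last argv_printf() call, while the two tun branches lose -link0 silently, so move the comment above the if (tun) block or reword it to cover all three calls.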
Index: pkg/PLIST
===================================================================
RCS file: /d/cvs/ports/net/openvpn/pkg/PLIST,v
retrieving revision 1.26
diff -u -p -r1.26 PLIST
--- pkg/PLIST 10 Nov 2019 17:50:00 -0000 1.26
+++ pkg/PLIST 23 Aug 2020 11:04:42 -0000
@@ -21,6 +21,7 @@ share/doc/openvpn/README.IPv6
share/doc/openvpn/README.down-root
share/doc/openvpn/README.mbedtls
share/doc/openvpn/management-notes.txt
+share/doc/openvpn/openvpn.8.html
share/doc/pkg-readmes/${PKGSTEM}
share/examples/openvpn/
share/examples/openvpn/sample-config-files/
@@ -34,8 +35,6 @@ share/examples/openvpn/sample-config-fil
share/examples/openvpn/sample-config-files/openvpn-shutdown.sh
share/examples/openvpn/sample-config-files/openvpn-startup.sh
share/examples/openvpn/sample-config-files/server.conf
-share/examples/openvpn/sample-config-files/static-home.conf
-share/examples/openvpn/sample-config-files/static-office.conf
share/examples/openvpn/sample-config-files/tls-home.conf
share/examples/openvpn/sample-config-files/tls-office.conf
share/examples/openvpn/sample-config-files/xinetd-client-config
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE